Just released BIND 9.8.0 RC1, ChangeLog snip
* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
Is this another case of OpenBSD doing the right thing to start with and is
therefore invulnerable to this mentioned attack before it was even identified
here? A google search for (SO_ACCEPTFILTER bug openbsd) returns a bunch of
links from 8+ years ago.
Sent via BlackBerry from T-Mobile
